The answer is simple: Once you have dropped your privileges with setuid($u), you run as a normal user, and no normal user may setuid(0).

You may change to root if your effective or saved uid is zero. However, setuid($u) sets both of them to $u. I believe you could use the seteuid system call instead of setuid to set only the effective uid. Unfortunately I cannot find a seteuid function in the POSIX module..

Compare to the setuid(2) man page and the like.